The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3124903. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the     VBScript engine due to improper handling of objects in     memory. An attacker can exploit this vulnerability by     convincing a user to visit a specially crafted website     or open a Microsoft Office document containing an     embedded ActiveX control, resulting in execution of     arbitrary code in the context of the current user.
    (CVE-2016-0002)

  - An elevation of privilege vulnerability exists due to     improper enforcement of cross-domain policies. An     attacker can exploit this vulnerability to access     information from one domain and inject it into another     domain, resulting in a bypass of the cross-origin     policy and an elevation of privileges. (CVE-2016-0005)

Detections

Analytics

MS16-001: Cumulative Security Update for Internet Explorer (3124903)

high Nessus Plugin ID 87877

Version 1.13

Version 1.12

Version 1.13 May 7, 2025, 3:51 PM Plugin metadata (Adding Internet Explorer CPEs to ensure remediation logic is correctly implemented in the Tenable Platform products.) Plugin Feed: 202505071551
Version 1.12 Feb 18, 2025, 11:54 PM Plugin metadata (CVSS 3 Change AC:H --> AC:L where needed) Plugin Feed: 202502182354